Untrusted search path vulnerability in the Python interface in eog
2.22.3, and possibly other versions, allows local users to execute
arbitrary code via a Trojan horse Python file in the current working
directory, related to a vulnerability in the PySys_SetArgv function
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example.
2.22.3-r3 is in the tree.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
can't do arm since it needs gnome-2.22 stable
Stable for HPPA.